Warning: Anthropic's "Gift Max" exploit drained €800+, ruined my credit, and got me banned.

Heads up to anyone here using Claude/Anthropic as an alternative. If you have a card saved on their platform, **remove it now.** I’m a data science student in Germany. On April 27th, my account was hit with over **€800 in unauthorized "Gift Max" charges**. **The Exploit:** * **2FA was active.** * **3-D Secure was bypassed** (I received the bank emails, but they were never opened or authorized). * The gift codes were generated and instantly redeemed by a third party. * Anthropic’s own status page admitted to "Elevated billing errors and unauthorized subscription changes" that same day. (This systemic flaw is well-documented in GitHub issues #51404 and #51168). **The Fallout:** Losing €800 instantly meant my monthly direct debits for my train ticket, internet, and utilities all bounced. In Germany, this instantly tanks your **SCHUFA** (credit score). My financial standing as a student is in ruins. **Anthropic's Response:** I sent them a professional email with my German police report (*Strafanzeige*) and the GitHub evidence, asking for a refund. **Their response was to BAN my account.** I lost access to all my WIP projects, research, and data science chats. They didn't just let me get robbed; they silenced me for reporting a vulnerability in their billing pipeline. No refund has been issued. I used to advocate for Anthropic’s "AI Safety" approach, but safety marketing means nothing if your basic fintech security is this negligent. Be careful out there. This is a compromised version of the post I made on Anthropic's subreddit, but I thought it was worth it to post here to warn people. *(Note: This post was written with the aid of Gemini).*